Monday, March 23, 2015

SpiderFoot: Open Source Fingerprinting Tool

SpiderFoot is a free and open source fingerprinting tool for pen testers and defenders checking the posture of the sites they defend. This is an automated recon tool, available for both Windows and Linux and written in Python. 
Operation is simple. After installing it, start the tool, open a web browser and browse to localhost on port 5001. Go to the Settings page and make any changes you would like, then give the scan a name, start it and sit back. The scan can run for quite a while because it performs a large number of checks, depending on how you configured it. If you have API keys for Honeypot Checker, Shodan or VirusTotal, it will use them to check what you're scanning against those services.
You can scan a hostname, a domain or sub-domain, an IP address or a subnet.
I'd recommend starting out small and scanning a single IP or domain until you see how long it takes and whether you want to tweak your settings.

SpiderFoot will report these items:

Affiliate - IP Address
Affiliate - IP Address - Subnet
Affiliate - Internet Name
Affiliate - Web Content
BGP AS Membership
BGP AS Ownership
BGP AS Peer
Blacklisted Affiliate IP Address
Blacklisted IP Address
Blacklisted IP on Owned Netblock
Blacklisted IP on Same Subnet
Co-Hosted Site
Cookies
DNS TXT Record
Defaced
Defaced Affiliate
Defaced Affiliate IP Address
Defaced Co-Hosted Site
Defaced IP Address
Device Type
Domain Name
Email Address
Email Gateway (DNS 'MX' Records)
Error Message
Externally Hosted Javascript
HTTP Headers
HTTP Status Code
Human Name
IP Address
IPv6 Address
Interesting File
Internet Name
Junk File
Linked URL - External
Linked URL - Internal
Malicious AS
Malicious Affiliate
Malicious Affiliate IP Address
Malicious Co-Hosted Site
Malicious IP Address
Malicious IP on Same Subnet
Malicious Internet Name
Name Server (DNS 'NS' Records)
Netblock Membership
Netblock Ownership
Non-Standard HTTP Header
Open TCP Port
Open TCP Port Banner
Open UDP Port
Open UDP Port Information
Operating System
Owned Netblock with Malicious IP
PasteBin Content
Physical Location
Raw DNS Records
Raw Data from RIRs
Raw File Meta Data
SSL Certificate - Issued by
SSL Certificate - Issued to
SSL Certificate - Raw Data
SSL Certificate Expired
SSL Certificate Expiring
SSL Certificate Host Mismatch
Search Engine's Web Content
Similar Domain
Social Media Presence
URL (Accepts Passwords)
URL (Accepts Uploads)
URL (AdBlocked External)
URL (AdBlocked Internal)
URL (Form)
URL (Purely Static)
URL (Uses Flash)
URL (Uses Java applet)
URL (Uses Javascript)
URL (Uses a Web Framework)
Web Content
Web Server
Web Technology

You can find out more and download SpiderFoot at http://www.spiderfoot.net/

Thursday, March 12, 2015

File Analysis Sites

Here are a few sites where you can upload different kinds of files for a quick automated analysis. This doesn't take the place of a thorough analysis in the event of an incident, but it can help speed up the analysis of alerts.


VirusTotal: http://www.virustotal.com
Anubis: http://anubis.iseclab.org/ - binaries only
TotalHash: http://totalhash.com/upload/
PDFs: http://malwaretracker.com/pdf.php
PDFs: http://jsunpack.jeek.org/
PDFs: http://wepawet.iseclab.org/
Documents: http://malwaretracker.com/doc.php
JavaScript or Flash: http://wepawet.iseclab.org/
JavaScript or HTML: http://jsunpack.jeek.org/
